Azure/VPN

From SETV Springfield Technical Wiki
Revision as of 07:45, 12 March 2017 by Setvadmin (talk | contribs) (Create Self-Signed Root Certificate)

Step-by-step guide on how to set up VPNs in Azure

Point-to-Site

For roaming and individual users, connect a machine to the VNet using a certificate-authenticated VPN profile.

Create Self-Signed Root Certificate

You need to use PowerShell to create the certificates.

  • Run PowerShell as Admin
  • Run this command, changing "P2SRootCert" to a static name
   $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
   -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
   -HashAlgorithm sha256 -KeyLength 2048 `
   -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
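  • To export the root certificate's public key, run certmgr.msc
  • Navigate to 'Certificates - Current User\Personal\Certificates' and right-click the root certificate. Click All Tasks, and then click Export.
  • Choose Base-64 encoded X.509 (.CER) as the export format (a .CER file holds only the public certificate, not the private key)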

Generate Client Certificate

   Get-ChildItem -Path "Cert:\CurrentUser\My"

Find your root certificate in the output and copy its thumbprint in place of {THUMBPRINT}:

   $cert = Get-ChildItem -Path "Cert:\CurrentUser\My\{THUMBPRINT}"

Use the code below to create the client certificate:

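   # -Signer $cert signs the client certificate with the root certificate loaded above.
   # 2.5.29.37 is the Extended Key Usage extension; 1.3.6.1.5.5.7.3.2 is Client Authentication.
   New-SelfSignedCertificate -Type Custom -KeySpec Signature `
   -Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
   -HashAlgorithm sha256 -KeyLength 2048 `
   -CertStoreLocation "Cert:\CurrentUser\My" `
   -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")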
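
An added check, not part of the original wiki page: the PowerShell below confirms that the client certificate chains to the root, carries the Client Authentication EKU set by the -TextExtension value, and has a private key. Test-P2SCertPair is a hypothetical helper name, and its default subjects assume the names used in the commands above were kept.

```powershell
# Added example (not from the original page). Test-P2SCertPair is a hypothetical helper name.
# Assumes the subjects CN=P2SRootCert and CN=P2SChildCert from the commands above were kept.
function Test-P2SCertPair {
    param(
        [string]$RootSubject  = 'CN=P2SRootCert',
        [string]$ChildSubject = 'CN=P2SChildCert',
        [string]$Store        = 'Cert:\CurrentUser\My'
    )
    $root  = Get-ChildItem -Path $Store | Where-Object { $_.Subject -eq $RootSubject }  | Select-Object -First 1
    $child = Get-ChildItem -Path $Store | Where-Object { $_.Subject -eq $ChildSubject } | Select-Object -First 1
    if (-not $root -or -not $child) { throw "Root or client certificate not found in $Store" }

    # Root: the Key Usage extension (2.5.29.15) must include KeyCertSign (-KeyUsage CertSign).
    $ku = $root.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }
    $certSign = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyCertSign
    $rootCanSign = ($ku.KeyUsages -band $certSign) -ne 0

    # Client: the Extended Key Usage extension (2.5.29.37) must list Client Authentication.
    $eku = $child.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Build the chain offline. The self-signed root is not in a trusted store, so it is
    # supplied through ExtraStore and an unknown CA is tolerated for this check only.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($root)
    $built = $chain.Build($child)
    $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        RootThumbprint         = $root.Thumbprint
        RootCanSignCerts       = $rootCanSign
        ClientIssuedByRoot     = $built -and ($top.Thumbprint -eq $root.Thumbprint)
        ClientHasClientAuthEku = $ekuOids -contains '1.3.6.1.5.5.7.3.2'
        ClientHasPrivateKey    = $child.HasPrivateKey
        ClientNotAfter         = $child.NotAfter
    }
}

Test-P2SCertPair | Format-List
```

All four boolean fields should read True; ClientNotAfter shows when the client certificate expires and has to be reissued.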

Next